cfbs-analyze: ignore generated files controlling CFEngine policy updates #224
Conversation
…y updates Signed-off-by: jakub-nt <175944085+jakub-nt@users.noreply.github.com>
jakub-nt
force-pushed
the
cfbs-analyze-ignore-policy-update-files
branch
from
4406e93 to
0232a4d
Compare
|
Thanks for submitting a pull request! Maybe @craigcomstock can review this? |
nickanderson
left a comment
nickanderson
left a comment
There was a problem hiding this comment.
Bah, I thought i submitted my review, but it was just pending.
| ".github/", | ||
| # CFEngine policy distribution generated files: | ||
| "cf_promises_release_id", | ||
| "cf_promises_validated", |
There was a problem hiding this comment.
Yeah, those file are generated. But, in fact I would call this out as a warning I guess.
If those files are present in /var/cfengine/masterfiles on an installed host fine, expected. But, if those files are for example in the root of your repo and you were deploying it to hosts then it would cause an active problem with policy distribution and updates.
There was a problem hiding this comment.
Right. But how can we tell? Normally, I'd say "check for these files, if they are present, it's a live set on a hub" 😅
There was a problem hiding this comment.
Yea, probably a bit difficult / out of scope for cfbs analyze. Just looking at you using it yesterday, you copied the folder to a tmp dir before running analyze, so not really a good way of knowing.
There was a problem hiding this comment.
Well, the only place that they are expected is WORKDIR/masterfiles. So, cfbs could try to call cf-promises or something to drive where workdir is (and assume /var/cfengine/mastefiles or I guess perhaps /etc/cfengine/masterfiles would be the FHS location).
It's really unlikely for that to happen in a cfbs managed policy set, we can let it go. cfbs convert when it exists won't make them part of the policy set.
5 participants
No description provided.